Deploy API Management in external VNet with public IP

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Bicep Version

Deploy To Azure


This template shows an example of how to deploy an Azure API Management service within your own virtual network's subnet in external mode. In external mode, clients from the internet can connect to the API Management service gateway, while the gateway can access backends available only in the virtual network.

  • The template creates a Premium tier API Management instance that is deployed to two availability zones. You may choose to deploy the API Management instance in the Developer tier; however, availability zones are not supported in that tier.
  • The template deploys a virtual network and a dedicated subnet that hosts the API Management service.
  • The template obtains a Standard SKU public IP address from the customer's subscription.
  • The template also deploys a network security group on the API Management subnet, which is based on recommended configurations.
  • The template disables all unsecure ciphers and SSL/TLS protocols.

Tags: Microsoft.Network/networkSecurityGroups, Microsoft.Network/publicIPAddresses, Microsoft.Network/virtualNetworks, Microsoft.ApiManagement/service